You are the systems engineer for Contoso, Ltd. The network consists of a single Active Directory domain named contoso-ad.com. All servers run Windows Server 2003.
A Windows Server 2003 computer named DNSSRV1 functions as the internal DNS server and has zones configured as shown in the exhibit. (Click the Exhibit button.)
The network is not currently connected to the Internet. The company maintains a separate network that contains publicly accessible Web and mail servers. These Web and mail servers are members of a DNS domain named contoso.com. The contoso.com zone is hosted by a UNIX-based DNS server named UNIXDNS, which is running the latest version of BIND. The company plans to allow users of the internal network to access Internet-based resources. The company’s written security policy states that resources located on the internal network must never be exposed to the Internet. The written security policy also states that the internal network’s DNS namespace must never be exposed to the Internet. To meet these requirements, the design specifies that all name resolution requests for Internet-based resources from computers on the internal network must be sent from DNSSRV1. The current design also specifies that UNIXDNS must attempt to resolve any name resolution requests before sending them to name servers on the Internet.
You need to plan a name resolution strategy for Internet access. You need to configure DNSSRV1 so that it complies with company requirements and restrictions.
What should you do?

You are the network administrator for your company. You need to provide Internet name resolution services for the company. You set up a Windows Server 2003 computer running the DNS Server service to provide this network service. During testing, you notice the following intermittent problems. Name resolution queries sometimes take longer than one minute to resolve. Some valid name resolution queries receive the following error message in the Nslookup command-line tool. "Non-existent domain." You suspect that there is a problem with name resolution. You need to review the individual queries that the server handles. You want to configure monitoring on the DNS server to troubleshoot the problem. What should you do?

You are the network administrator for your company. All servers run Windows Server 2003. The network contains two Web servers named Server1 and Server2 and three application servers named Server3, Server4, and Server5. All five servers have similar hardware. The servers are configured as Network Load Balancing clusters, as shown in the exhibit. (Click the Exhibit button.)
A Web services application hosted on Server1 and Server2 communicates to application components hosted on Server3, Server4, and Server5 by using the IP address 10.1.20.11. The application is designed to be stateless. The Network Load Balancing settings for each server are listed in the following table.
Users report that response time to the Web services application is slow. You investigate the performance of each server and observe the information listed in the following table.
You need to improve the response time of the application. What should you do?

You are a network administrator for your company. The network consists of a single Windows 2000 Active Directory forest that has four domains. All client computers run Windows XP Professional. The company’s written security policy states that all e-mail messages must be electronically signed when sent to other employees.
You decide to deploy Certificate Services and automatically enroll users for e-mail authentication certificates. You install Windows Server 2003 on two member servers and install Certificate Services. You configure one Windows Server 2003 computer as a root certification authority (CA). You configure the other Windows Server 2003 server as an enterprise subordinate CA. You open Certificate Templates on the enterprise subordinate CA, but you are unable to configure certificates templates for autoenrollment.
The Certificate Templates administration tool is shown in the exhibit. (Click the Exhibit button.)
You need to configure Active Directory to support autoenrollment of certificates.
What should you do?

Your company has an Active Directory directory service domain. All servers in your environment run Windows Server 2003. You use dynamically assigned IP addresses. You set Internet proxy settings by using Web Proxy Automatic Discovery (WPAD). After a new Group Policy is applied, multiple client computers cannot access the Internet. You verify that physical network connectivity for the client computers is functional and that the client computers can communicate with the DHCP server, the WPAD server, and the default gateway. On each affected client computer, the Internet options are configured as shown in the following graphic. You need to restore Internet connectivity on the affected client computers.
exhibit What should you do?

You are the network administrator for your company. All servers run Windows Server 2003. You configure a baseline security template named Baseline.inf. Several operations groups are responsible for creating templates containing settings that satisfy operational requirements. You receive the templates shown in the following table.
The operations groups agree that in the case of conflicting settings, the priority order listed in the following table establishes the resultant setting.
You need to create one or more Group Policy objects (GPOs) to implement the security settings. You want to minimize the amount of administrative effort required when changes are requested by the various operations groups. What should you do?

You are the network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. When the network was designed, the design team set design specifications. After the network was implemented, the deployment team set baseline specifications. The specifications for broadcast traffic are. The design specification requires that broadcast traffic must be 5 percent or less of total network traffic. The baseline specification showed that the broadcast traffic is always 1 percent or less of total network traffic during normal operation.You need to monitor the network traffic and find out if the level of broadcast traffic is within design and baseline specifications.
You decide to use Network Monitor. After monitoring for 1 hour, you observe the results shown in the exhibit. (Click the Exhibit button.)
You need to report the results of your observations to management.
Which two actions should you take? (Each correct answer presents part of the solution. Choose two.)

All servers in your environment run Windows Server 2003. You are planning security policies for remote network administration for your companys Tier 1, Tier 2, and Tier 3 support technicians. Your security policies must support the requirements shown in the following table.
You enable Terminal Services for Tier 3 support technicians. You need to ensure that support technicians have the appropriate remote administration access to all servers. Which two actions should you perform?
(Each correct answer presents part of the solution. Choose two.)

You are a network administrator for your company. The network consists of a single Active Directory domain. All servers run Windows Server 2003. Client computers run Windows 2000 Professional, Windows XP Professional, or Windows NT Workstation 4.0.The company wants to increase the security of the communication on the network by using IPSec as much as possible. The company does not want to upgrade the Windows NT Workstation 4.0 client computers to another operating system. The servers use a custom IPSec policy named Domain Servers.
The rules of the Domain Servers IPSec policy are shown in the exhibit. (Click the Exhibit button.)
You create a new Group Policy object (GPO) and link it to the domain. You configure the GPO to assign the predefined IPSec policy named Client (Respond Only).
After these configuration changes, users of the Windows NT Workstation 4.0 computers report that they cannot connect to the servers in the domain.You want to ensure that Windows NT Workstation 4.0 client computers can connect to servers in the domain.What should you do?

You are the network administrator for your company. The relevant portion of the network is shown in the exhibit. (Click the Exhibit button.)
All servers run Windows Server 2003. Each subnet of the network contains 100 Windows XP Professional computers. Each subnet also contains a DHCP server, which provides TCP/IP configuration information to all computers on its local subnet. You create and configure Subnet3 for a new department at your company. Users in Subnet3 report that they cannot connect to resources located on servers in Subnet1 and Subnet2. When they attempt to connect to these resources, they receive the following error message. "Server not found." The users can successfully connect to resources located on servers in Subnet3. Users in Subnet1 and Subnet2 report that they cannot connect
to resources located on servers in Subnet3. When they attempt to connect to these resources, they receive the following error message. "Server did not respond in a timely manner." The users can successfully connect to resources in both Subnet1 and Subnet2.
You need to ensure that all client computers can connect to server-based resources on all subnets. What should you do?